﻿using System.DirectoryServices.AccountManagement;
using System.Security.Principal;

namespace RIABlog.Web
{
    using System.Security.Authentication;
    using System.ServiceModel.DomainServices.Hosting;
    using System.ServiceModel.DomainServices.Server;
    using System.ServiceModel.DomainServices.Server.ApplicationServices;
    using System.Threading;

    // TODO: Switch to a secure endpoint when deploying the application.
    //       The user's name and password should only be passed using https.
    //       To do this, set the RequiresSecureEndpoint property on EnableClientAccessAttribute to true.
    //   
    //       [EnableClientAccess(RequiresSecureEndpoint = true)]
    //
    //       More information on using https with a Domain Service can be found on MSDN.

    /// <summary>
    /// Domain Service responsible for authenticating users when they log on to the application.
    ///
    /// Most of the functionality is already provided by the AuthenticationBase class.
    /// </summary>
    [EnableClientAccess]
    public class AuthenticationService : AuthenticationBase<User>
    {
		/// <summary>
		/// Переопределяем процедуру проверки логина/пароля
		/// </summary>
		protected override bool ValidateUser(string login, string password)
		{
			// сначала ищем пользователя в базе Membership
			if(base.ValidateUser(login, password))
			{
				return true;
			}

			// потом пытаемся найти его среди локальных пользователей системы
			using(var context = new PrincipalContext(ContextType.Machine))
			{
				return context.ValidateCredentials(login, password);
			}
		}
	}
}
